Mr D works in IT security (known by our kids as an internet bouncer)  and until recently it was something I didn’t know very much about (or really cared about if I’m honest).  All that changed the other day when I almost infected my laptop with some malware or virus (which is BAD if you didn’t already know that).  Luckily I didn’t but I’ll tell you what happened………..

I received an email from the South Africa Tax Office saying that I had I had a tax rebate waiting and I needed to click a link to get it.  Normally I would have just ignored it (I think) but because Mr D is South African and has a bank account there, I just forwarded it to him with a message something like this “Hi babe, no idea why your tax office is contacting me, but here is you tax rebate.”  He replied almost immediately with “PLEASE tell me you didn’t click on the link? It’s a virus or malware!!!!!!!!”  “Don’t worry” I replied, “You’ve taught me better than that!”. “Phew, that’s my girl!”.

Ever since then he’s been nagging me about making sure my blog is fully updated and protected and bla bla bla…..It’s one of those things that just gets automatically filed in my ‘too hard’ box.  However the other evening while we were watching telly he cornered me about it AGAIN.  This time I listened (didn’t have much choice really) and by the end of our conversation I was totally freaked out!!!

Here’s why……. (and if you think your business or blog is even just a tiny bit vulnerable or you have no idea what it’s all about, then I would seriously read on).   is your blog protected against cyber attacks Mr D
Babe, I deal with the security of lots of different companies every day and it’s scary how many of them are unprotected, or think they are protected but aren’t.  I don’t think your realise how important it is to secure your blog!  You really need to take this more seriously!!

Me
Why is my blog vulnerable anyway, I back it up.  Well, I have a plug in that is supposed to back it up.

Mr D 
Basically, WordPress or whatever software you’re using for your blog or website is just a series of code.  Think of it like layer upon layer of mesh, some more tightly woven than others. When you log in to your admin page and update things it all looks all pretty on the outside, but behind the scenes there are lots of holes in the mesh.  Some of these holes are known and some are not.
What if someone manages to poke a hole though the mesh and get to your admin, without your username and password?  If you’re lucky they’ll just be some smarty pants who will publish their findings on the internet to look cool, or even contact WordPress to tell them about it.  They’re called a white hat hacker.  Wordpress will read the article about the vulnerability and basically go “Oh fuck!!” and then hopefully quickly patch it. Then you’ll get an update notification with the patch.  If don’t keep on top of your updates, then you’re basically just leaving known gaping holes in your mesh for a more sinister attack to come along.  It’s crazy not to update, but not that uncommon.

Me
OH!!!!!!! Well, lucky I just updated then.

Mr D.
Yes, but you should have done it A LOT sooner.

Me
So apart from some smarty pants trying to break WordPress to look clever, why would anyone else want to break into my site.  It’s just a personal/parting blog.  I don’t have any money or credit card facilities on it for someone to steal.

Mr D
Good question.  So how important is your blog to you?

Me
Very.  It’s my blood, sweat and tears, plus it’s starting to become a small revenue stream for our family.

Mr D
Exactly, so losing it would be like losing your job.  It’s the same for small businesses, you risk losing all your customer credentials or your brand reputation.  Both can be equally devastating.

Me
I think I would cry if I lost my blog, but I still don’t get WHY someone would want to break into it?

Mr D
Ok, let me explain.  If you got an email from Apple itunes (or something that you use often, maybe even facebook or twitter) that looked totally legitimate (with the correct logos etc), alerting you that there had been a breach and you needed to click a link to update your password. What would you do?

Me
I’d click the link.

Mr D
Yes.  You would re-enter your email address, your old password and a new password and then you’d probably forget all about it.  Later, when you actually needed to log into your Apple itunes account (which could be days or weeks later) you’d find that the new password you entered didn’t work.  This is because the link you clicked on was most probably a fake link and a very hard one to spot.  The person behind that fake page now has your email address and your password and you’re none the wiser!  This kind of attack is called a phishing attack.

Me
Ok that’s not good, but it just tells me why I shouldn’t have the same password for all my accounts and maybe I should set up separate email address for that kind of stuff.  I still don’t get what it has to do with my blog?????   is your blog protected against cyber attacks 4 Mr D
Your readers trust you right?

Me
Yes.  Well I hope so.

Mr D
Well your Apple itunes account might not have anything to do with your blog but now you have someone potentially sitting in your browser or PC (which you have downloaded without realising) capturing EVERYTHING on your laptop.  Passwords, emails addresses, screenshots, key logging, EVERYTHING!  If your readers received an email from your account with a malware link or attachment they would probably open it because you are a trusted source.  Then you have just infected them too.  This is called a spear phishing attack.

Me
Oh SHIT!!

Mr D
Exactly!

Me
Well, are the WordPress updates enough to patch those holes and stop this from happening or do I need something extra?

Mr D
Absolutely YES. Well you could just rely on making sure your software is aways up to date, but another way of looking at it is like this:  You have a home with lots of valuable stuff in it right?  Do you wait until you get robbed before you take out insurance? Or do you pay up front for insurance which will cover your loss and help you get back up on your feet as quickly as possible in the event of a robbery?

Me
I’d pay the insurance.

Mr D
That’s not to say you are totally safe though.  You can have as much protection as you like on your front door (as in your blog or business website that’s accessible from the internet), but if you don’t have any protection on your back door (as in your computer software and/or browser) then all it takes is one malicious email and your business or blog is basically stuffed!

Me
OH MY GOD, really??  Why?

Mr D
There are people out there that are scanning the internet every second of every day looking for vulnerable sites and they’re called script kitties.

Me
As in cats???  That’s a weird name!

Mr D
Hahahaha, No love…. script kiddies.  As in kids or teenagers that have nothing better to do but try to run malicious scripts to see what results they can get. They are looking for vulnerable IP addresses (as in your blog) and if they find one with your WordPress site sitting on it, they’re in!

Me
But why me?  I don’t have anything for them.

Mr D
You do, you are worth money to them.  Firstly they want your credentials, because they can sell them for a lot of money (1 set of credentials might not be worth much but 100’s and 1000’s are worth a lot of money). Secondly, they can hold you to ransom.  Ransomeware is something that you could accidentally download (like the itunes thing), which will then encrypt your entire computer. ALL your blog posts……EVERYTHING.  Once they have it, they will make you pay to get it back and if you don’t, you seriously risk losing everything.  There goes your business!  They could also inundate you with requests to your website.  So many that your web sever will not be able to respond fast enough, resulting in your entire website going down.  This is called a DDOS attack and the only way to stop it is to pay.

Me
Bastards!  Can they really get away with that.

Mr D
Yes, they really can.  Your only option would be to pay them (unless you have the right protection in place).

Mr D
I actually just helped your mum with a similar kind of problem.  She had installed a plugin to her WordPress site that was vulnerable.  Actually her website was built by a developer a few years ago who had not kept it up to date so there were holes in the mesh.  The script kiddies got in, but because they didn’t actually make any changes to her site, your mum had no idea they were there.  Her business website server was now compromised and was being used as part of a botnet.

Me
A bot what????

Mr D
A botnet is a whole bunch of compromised computers across the internet that one person will own (and can do whatever they want with).

Me
Another script kiddie?

Mr D
Yes, but a very clever one.

Mr D
Now what will happen is that you will have another script kiddie somewhere that will want to sent a load of spam emails out to collect peoples credentials.  He will contact the owner of the botnet and pay him to send his spam from all those vulnerable computers.  So basically your mums website started sending out loads of spam to the world, and because the source of the email came from her website (which is considered trusted) email filters won’t block it.

Me
Oh no.  It’s like some kind of underworld out there!!

Mr D
It really is, and it’s a win win for both the botnet net owner and the script kiddie.  The botnet owner gets paid by the script kiddie to use his botnet, and the script kiddie is collecting hundreds and thousands of peoples credentials which is he getting from the spam email to sell on for big money.

Me
Bastards!

Mr D
The problem is, Bluehost, or whoever your service provider is may get in touch with you saying that your website has become a source for spam and if you don’t stop it, they will shut you down.  Again, there goes your business or blog!  They won’t want to shut you down as you are essentially a paying customer, but they may be forced to.

Me
OMG, would it be a nightmare to get rid of??

Mr D
Yes and no. You need to have protection on both your ‘front door and your back door because new vulnerabilities (or holes in your mesh) are popping up all the time. These script kiddies are just looking for the easiest way in.  Luckily there are very good way to set up protection again all these kind of attacks.

Me
This is seriously freaking me out.  Can you make my blog like fort knox please.  NOW!!

Mr D
Finally you get!  Don’t worry I’ve already fixed yours (and your mums too).

SO if you’re just a tiny bit freaked out by this, then please make sure your website or blog is protected.

Would you like Mr D to do a step by step guide on how to do this?

Mrs d signature4

34 comments on “Why it’s important to protect your blog or business from cyber attacks. An interview with Mr D.”

  1. I’ve had it happen and Bluehost basically shut me down. I had to pay out a lot of money to get everything fixed up and running again. I for one would LOVE Mr D to do a step by step guide to making my blog like fort knox because I would be devastated if it happened again.

    • Me too – I’m such a dumb blonde when it’s comes to techie stuff. We’re get the guide out asap. Lovely to meet you too xxx

    • It’s scary stuff isn’t it? Totally invasion of privacy and we don’t even realise what’s going on half the time. Bastards!!

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.